FTC Sues Data Broker Kochava for Sale of People’s Location Data

Sarah Perez, reporting for TechCrunch:

The U.S. Federal Trade Commission (FTC) on Monday announced it has filed a lawsuit against data broker Kochava Inc. for selling geolocation data from “hundreds of millions of mobile devices,” it says, which could be used to trace the movements of individuals including those to and from sensitive locations. Specifically, the FTC said the data could reveal people’s visits to places like reproductive health clinics, domestic violence or homeless shelters, addiction recovery centers and places of worship.

This personal and private information could expose people to “threats of stigma, stalking, discrimination, job loss, and even physical violence,” the FTC explained in a press release.

The suit aims to halt Kochava’s data collection practices involving sensitive geolocation data and will request that the company delete the data it has already collected.

Location data has always been sensitive — among the most private of private things that can be tracked through computing devices. With Roe v. Wade overturned and antiabortion Christianist lawmakers now drafting laws to make it illegal to cross state lines to get an abortion, the stakes are well past “hypothetical”.

Here’s a spitball idea for Apple: apps that include any sort of framework or integration with data broker companies should be required to list all of those companies by name in their privacy report cards in their App Store listings. As a user, if you’re concerned about the practices of, say, Kochava, you should be able to look at an app’s App Store listing and know with certainty whether the app shares data with Kochava.

Right now, these report cards have descriptions for each section that say something like “The following data may be used to track you across apps and websites owned by other companies.” Apps should be required to list exactly who those other companies are.

Wednesday, 31 August 2022